Partial vs Complete Catchup: what are the differences in terms of security?
Lets assume I power-up a new core and join (as validator) to a network of pre-existing other nodes. In addition, to speed things up, I chose to do a partial catchup from one history archive. Now, having synced up, is it possible that my new core has a state that's been tampered with?
In other words, when I perform partial catchup, what are the risks in terms of security?
UPDATE: I'm slightly changing the question to make it more interesting: Suppose the network I join has conspired against me and they've all tampered with the state (the bucketlist) stored on their history to reflect a state that's different than the one I would arrive to by replaying the txs from the genesis block. Is this possible? If it is, then a full catchup does have benefits over a partial one.
stellar-core scp catchup
add a comment |
Lets assume I power-up a new core and join (as validator) to a network of pre-existing other nodes. In addition, to speed things up, I chose to do a partial catchup from one history archive. Now, having synced up, is it possible that my new core has a state that's been tampered with?
In other words, when I perform partial catchup, what are the risks in terms of security?
UPDATE: I'm slightly changing the question to make it more interesting: Suppose the network I join has conspired against me and they've all tampered with the state (the bucketlist) stored on their history to reflect a state that's different than the one I would arrive to by replaying the txs from the genesis block. Is this possible? If it is, then a full catchup does have benefits over a partial one.
stellar-core scp catchup
add a comment |
Lets assume I power-up a new core and join (as validator) to a network of pre-existing other nodes. In addition, to speed things up, I chose to do a partial catchup from one history archive. Now, having synced up, is it possible that my new core has a state that's been tampered with?
In other words, when I perform partial catchup, what are the risks in terms of security?
UPDATE: I'm slightly changing the question to make it more interesting: Suppose the network I join has conspired against me and they've all tampered with the state (the bucketlist) stored on their history to reflect a state that's different than the one I would arrive to by replaying the txs from the genesis block. Is this possible? If it is, then a full catchup does have benefits over a partial one.
stellar-core scp catchup
Lets assume I power-up a new core and join (as validator) to a network of pre-existing other nodes. In addition, to speed things up, I chose to do a partial catchup from one history archive. Now, having synced up, is it possible that my new core has a state that's been tampered with?
In other words, when I perform partial catchup, what are the risks in terms of security?
UPDATE: I'm slightly changing the question to make it more interesting: Suppose the network I join has conspired against me and they've all tampered with the state (the bucketlist) stored on their history to reflect a state that's different than the one I would arrive to by replaying the txs from the genesis block. Is this possible? If it is, then a full catchup does have benefits over a partial one.
stellar-core scp catchup
stellar-core scp catchup
edited Feb 28 at 10:26
Orbit Lens
5,8961926
5,8961926
asked Feb 28 at 8:00
FuzzyAmiFuzzyAmi
758313
758313
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Each node synchronizes the state with the quorum set, so archives tampering won't work. The node will be unable to catch up with SCP quorum if the local state differs from the quorum-approved state. Nobody can modify a single archive file without messing up the whole archive because each ledger contains hash of the previous ledger and they are validated during the catchup. The node will discard the ledger with invalid hash.
Therefore, there is no difference whether you are doing full or partial catchup.
EDIT:
- Attackers control both the quorum set and archives destination → Newly-connected node will be 100% compromised.
- Attackers control only the quorum set or the archives data → New node will connect and follow the SCP majority, but won't be able to catchup with the history. It will be unable to apply the state from buckets if hashes don't match. I don't think that the node will be able to act as validator in this case.
If the archives are tempered, you won't be able to ingest the history regardless whether you are starting from the genesis block or not.
thank you for the answer. I updated my question and added a corner case where I think it might be beneficial to perform full catchup. Also, would you be so kind as to add a 'catchup' tag to this SO? thx!
– FuzzyAmi
Feb 28 at 10:13
1
@FuzzyAmi I updated the answer
– Orbit Lens
Feb 28 at 10:29
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "686"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstellar.stackexchange.com%2fquestions%2f2246%2fpartial-vs-complete-catchup-what-are-the-differences-in-terms-of-security%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Each node synchronizes the state with the quorum set, so archives tampering won't work. The node will be unable to catch up with SCP quorum if the local state differs from the quorum-approved state. Nobody can modify a single archive file without messing up the whole archive because each ledger contains hash of the previous ledger and they are validated during the catchup. The node will discard the ledger with invalid hash.
Therefore, there is no difference whether you are doing full or partial catchup.
EDIT:
- Attackers control both the quorum set and archives destination → Newly-connected node will be 100% compromised.
- Attackers control only the quorum set or the archives data → New node will connect and follow the SCP majority, but won't be able to catchup with the history. It will be unable to apply the state from buckets if hashes don't match. I don't think that the node will be able to act as validator in this case.
If the archives are tempered, you won't be able to ingest the history regardless whether you are starting from the genesis block or not.
thank you for the answer. I updated my question and added a corner case where I think it might be beneficial to perform full catchup. Also, would you be so kind as to add a 'catchup' tag to this SO? thx!
– FuzzyAmi
Feb 28 at 10:13
1
@FuzzyAmi I updated the answer
– Orbit Lens
Feb 28 at 10:29
add a comment |
Each node synchronizes the state with the quorum set, so archives tampering won't work. The node will be unable to catch up with SCP quorum if the local state differs from the quorum-approved state. Nobody can modify a single archive file without messing up the whole archive because each ledger contains hash of the previous ledger and they are validated during the catchup. The node will discard the ledger with invalid hash.
Therefore, there is no difference whether you are doing full or partial catchup.
EDIT:
- Attackers control both the quorum set and archives destination → Newly-connected node will be 100% compromised.
- Attackers control only the quorum set or the archives data → New node will connect and follow the SCP majority, but won't be able to catchup with the history. It will be unable to apply the state from buckets if hashes don't match. I don't think that the node will be able to act as validator in this case.
If the archives are tempered, you won't be able to ingest the history regardless whether you are starting from the genesis block or not.
thank you for the answer. I updated my question and added a corner case where I think it might be beneficial to perform full catchup. Also, would you be so kind as to add a 'catchup' tag to this SO? thx!
– FuzzyAmi
Feb 28 at 10:13
1
@FuzzyAmi I updated the answer
– Orbit Lens
Feb 28 at 10:29
add a comment |
Each node synchronizes the state with the quorum set, so archives tampering won't work. The node will be unable to catch up with SCP quorum if the local state differs from the quorum-approved state. Nobody can modify a single archive file without messing up the whole archive because each ledger contains hash of the previous ledger and they are validated during the catchup. The node will discard the ledger with invalid hash.
Therefore, there is no difference whether you are doing full or partial catchup.
EDIT:
- Attackers control both the quorum set and archives destination → Newly-connected node will be 100% compromised.
- Attackers control only the quorum set or the archives data → New node will connect and follow the SCP majority, but won't be able to catchup with the history. It will be unable to apply the state from buckets if hashes don't match. I don't think that the node will be able to act as validator in this case.
If the archives are tempered, you won't be able to ingest the history regardless whether you are starting from the genesis block or not.
Each node synchronizes the state with the quorum set, so archives tampering won't work. The node will be unable to catch up with SCP quorum if the local state differs from the quorum-approved state. Nobody can modify a single archive file without messing up the whole archive because each ledger contains hash of the previous ledger and they are validated during the catchup. The node will discard the ledger with invalid hash.
Therefore, there is no difference whether you are doing full or partial catchup.
EDIT:
- Attackers control both the quorum set and archives destination → Newly-connected node will be 100% compromised.
- Attackers control only the quorum set or the archives data → New node will connect and follow the SCP majority, but won't be able to catchup with the history. It will be unable to apply the state from buckets if hashes don't match. I don't think that the node will be able to act as validator in this case.
If the archives are tempered, you won't be able to ingest the history regardless whether you are starting from the genesis block or not.
edited Feb 28 at 10:25
answered Feb 28 at 9:34
Orbit LensOrbit Lens
5,8961926
5,8961926
thank you for the answer. I updated my question and added a corner case where I think it might be beneficial to perform full catchup. Also, would you be so kind as to add a 'catchup' tag to this SO? thx!
– FuzzyAmi
Feb 28 at 10:13
1
@FuzzyAmi I updated the answer
– Orbit Lens
Feb 28 at 10:29
add a comment |
thank you for the answer. I updated my question and added a corner case where I think it might be beneficial to perform full catchup. Also, would you be so kind as to add a 'catchup' tag to this SO? thx!
– FuzzyAmi
Feb 28 at 10:13
1
@FuzzyAmi I updated the answer
– Orbit Lens
Feb 28 at 10:29
thank you for the answer. I updated my question and added a corner case where I think it might be beneficial to perform full catchup. Also, would you be so kind as to add a 'catchup' tag to this SO? thx!
– FuzzyAmi
Feb 28 at 10:13
thank you for the answer. I updated my question and added a corner case where I think it might be beneficial to perform full catchup. Also, would you be so kind as to add a 'catchup' tag to this SO? thx!
– FuzzyAmi
Feb 28 at 10:13
1
1
@FuzzyAmi I updated the answer
– Orbit Lens
Feb 28 at 10:29
@FuzzyAmi I updated the answer
– Orbit Lens
Feb 28 at 10:29
add a comment |
Thanks for contributing an answer to Stellar Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstellar.stackexchange.com%2fquestions%2f2246%2fpartial-vs-complete-catchup-what-are-the-differences-in-terms-of-security%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown